Posts

Leading Cyber Security Software Architect, Bill Easton, joins Verve Industrial Protection as Chief Technical Officer

Easton brings distinctive experience in end point protection and management

ST. LOUIS, MO and CHICAGO – July 5, 2017 – Verve Industrial Protection is pleased to announce the appointment of Bill Easton as Chief Technical Officer. Mr. Easton will help Verve continue to establish its leadership position as the leading platform for ICS cybersecurity.

Mr. Easton joins Verve Industrial Protection from RES software, a leading provider of end point protection services, where he was a leader of BigFix integration. Mr. Easton is one of the leading innovators in how to integrate different types of end-point protection to simplify the security process for end users.

“We are excited to welcome Bill to our team.  Verve Security Center is the only ICS-focused cyber security solution that provides an integrated platform to simplify end-point and network protection. Bill’s deep expertise in integrating these capabilities will help us extend our differentiation in this arena,” said John Livingston, CEO of Verve Industrial Protection.

Mr. Easton will help continue to expand the capabilities of the Verve Security Center. Verve Security Center (VSC) is a vendor agnostic security suite that consolidates antivirus, application whitelisting, change & configuration management, security information & event management (SIEM), patch management, vulnerability assessments, intrusion detection, backup management, compliance, workflow and document management into a unified solution.   VSC brings together threat intelligence into a single console so users can quickly and simply understand their security posture and compliance status.

“I am thrilled to join the Verve team. The complexity of cyber security, especially in the ICS environment, requires that providers find a way to simplify solutions. The Verve platform is one-of-a-kind. The ability to bring together the full view of threats into an orchestrated platform is key to ensuring protection. I am excited to help continue to expand Verve’s leadership,” said Mr. Easton.

_______________________________________________________________________________________

About Verve Industrial Protection:  Verve, formerly known as RKNeal Engineering, has been in the industrial controls engineering business for approximately 25 years. The company’s flagship software product is the Verve Security Center, an orchestration platform for ICS cyber security.  The company also offers industrial controls engineering and managed asset protection services to industrial clients.

 

For more information, please email us at sales@rverveindustrial.com or visit us at verveindustrial.com.

Leading energy sector executive, Jason Few, joins Verve Industrial Protection as Senior Advisor

Few brings deep perspective on the needs of energy companies relating to cyber security and industrial protection

ST. LOUIS, MO and CHICAGO – May 16, 2017 – Verve Industrial Protection is pleased to announce the appointment of Jason Few as Senior Advisor. Mr. Few will help Verve deepen its presence and product leadership in the energy sector.

Mr. Few is the former CEO of Continuum Energy, one of the leading mid-stream natural gas providers in North America. Prior to Continuum, Mr. Few served as President of Reliant Energy in Houston, where he led the company’s retail operations. He is deeply sensitive to the threats that energy companies face from both intentional and unintentional cyber risks. His expertise will help expand Verve’s capabilities in this critical arena.

“We are excited that Jason chose to join us as Senior Advisor.  His experience will help us continue to develop Verve for the critical needs of the energy sector in protecting their most critical assets.  Verve Security Center is the only ICS-focused cyber security solution that provides an integrated platform to simplify end-point and network protection. Jason’s C-level perspective will help us continue to make our solution as relevant for executives managing this critical area,” said John Livingston, CEO of Verve Industrial Protection.

“I am excited to join the Verve team as Senior Advisor. I have looked at a range of the available cyber security products available for industrial control systems and none of them has the same C-level application and relevance as the Verve Security Center. Its ability to orchestrate information and threats across different cyber security tools is critical to ensuring the most important threats are addressed,” said Mr. Few.

_______________________________________________________________________________________

About Verve Industrial Protection: Verve, formerly known as RKNeal Engineering, has been in the industrial controls engineering business for approximately 25 years. The company’s flagship software product is the Verve Security Center. Verve Security Center (VSC) is a vendor agnostic security suite that consolidates antivirus, application whitelisting, change & configuration management, security information & event management (SIEM), patch management, vulnerability assessments, intrusion detection, backup management, compliance, workflow and document management into a unified solution. VSC brings together threat intelligence into a single console so users can quickly and simply understand their security posture and compliance status. The company also offers industrial controls engineering and managed asset protection services to industrial clients.

For more information, please email us at sales@rverveindustrial.com or visit us at verveindustrial.com.

When WORMs Attack Critical Infrastructure

On the 12th May 2017, a malicious/phishing email was received and opened by an unwitting user, allowing a new breed of malicious worm to infect the user’s machine. The worm in question, the WannaCry (WannaCrypt0r) crypto-ransomware, was a wrapper around a tool originating from the NSA’s cyber arsenal and released into the public domain by a hacking team going under the name of ShadowBrokers. The tool which WannaCry wrapped into its own functionality was EternalBlue, which had been designed to compromise a set of previously undisclosed Microsoft SMB vulnerabilities. WannaCry also made use of DOUBLEPULSAR for its ability to deploy extra applications to the compromised endpoint. Once run, the worm made use of EternalBlue’s ability to traverse the network and hunt down other Windows PCs; once connected to a suitable host, it would start its main task of cryptographically encrypting the user’s hard disk. Once complete, it would display its ransom notification asking for funds to be transferred in order to release the user’s data.

By Monday the 15th, the worm is believed to have propagated to over 230,000 users in over 150 countries, with its spread stunted by the accidental discovery of a ‘kill switch’ inside the worm. This kill switch relied on the host being able to reach a check URL: if the URL was found, no further search and deploy would continue from that host. Since this was discovered, variants have started to emerge with the ‘kill switch’ functionality disabled. It is worth noting that the ability to spread so fast relied on the endpoint being ‘internet facing’ and Microsoft patching not being up to date. Within the UK alone this affected 1 in 5 NHS trusts, with 70,000 devices, including x-ray machinery running Windows XP, becoming unusable, causing the NHS to declare an emergency. Interestingly, the NHS are trialling a replacement operating system which, if deployed, would have drastically reduced their exposure to this attack.

Let’s shift this into the realm of nuclear processing, electrical generation, chemical processing or any process-driven critical process whose control systems are generally, by design, segregated and hived off from the outside world. If this worm had been introduced into such an environment, any Microsoft system, be it an HMI workstation, engineering workstation or SCADA server, would have been rendered useless once the encryption had taken place. Because these systems wouldn’t be able to contact the external check URL acting as the kill switch, the replication would continue. How long these systems could run safely before being shut down would depend on the type of process running and the ability to deal with and mitigate such an outbreak effectively.

Let’s assume the logic running WannaCry is searching for a machine with a specific function or role. If that function isn’t matched on the compromised endpoint, chances are it will start encrypting the machine’s data and then request a ransom. If, on the other hand, the logic is matched, the encryption component may not be deployed. Instead, the secondary wrapped tool, DOUBLEPULSAR, is initiated; rather than rendering the disks inoperable, it looks for a path to its Command & Control server in order to deploy extra functionality to allow the remote control of the process system. For these systems, this means anything from introducing sporadic inconsistencies, through placing the system into an unhealthy condition and potentially endangering life by rendering safety systems ineffective, to providing control room staff with incorrect information. This could be anything from your local ATM/card payment systems, managed motorway signs or a water processing plant through to the airplane I’m currently sat on under the control of air traffic control. All it takes is a single point of entry to go undetected.

The mitigation for this type of attack ranges from responsible disclosure to the vendor, as is the case with EternalBlue from the NSA inadvertently entering the public domain, through to having a full understanding of the endpoints that exist within your CNI estate. For the latter, this information should consist of verified baselines and backups; security and backup continuity plans and policies which are regularly tested; change and patch management; and, finally, an effective security monitoring solution to monitor and alert on anomalies detected.

For now, WannaCry is limited to utilising code to attack Windows-only endpoints. That’s not to say that version 3 or 4 won’t extend its functionality to make use of the other leaked NSA code modules to create more specialised, targeted attacks.

Company Overview – Our History, Values & Experience

Founded originally as RKNeal Engineering, we have amassed over 20+ years of experience, with our engineers having worked with nearly every major DCS, PLC, and SCADA system on. Today our legacy lives on in the 1,000+ automation and control system projects we have completed.

We have worked closely with our clients on their most pressing network and data needs. We have helped them evolve their networks to manage the increasing amount of connectivity necessary to drive increased efficiency and reliability. We understand how these networks work, their vulnerabilities, and the unique operational characteristics that separate controls networks (operating technology or OT) from IT networks.

Almost 10 years ago, we identified the risks inherent in these older control systems as more of the networks were exposed to external sources of data – whether through the internet or the simple connection of USB sticks. What really concerned us was that cyber security within the ICS environment was fragmenting across OEM vendors and various cyber threat management software tools. Complexity was getting worse, and risks were getting higher. Managing this complexity in an operating environment requires unique expertise.

As a result, we set out to build a unified monitoring and remediation console that lets you view and manage your cyber security workflow, threats, and compliance from a single, vendor-neutral security suite – what we call the Verve Security Centre.

Our focus with Verve has been to improve and simplify reliability, security and compliance within the operational enterprise, and we designed Verve to enable the best IT software tools to work in the ICS environment. Our proprietary “ICS bus” embedded our years of ICS expertise into an integration platform that would allow these multiple systems to operate in concert with one another – and at no risk to the sometimes-fragile legacy control systems.

We combined this integration with customized data tools to seamlessly integrate today’s and tomorrow’s state-of-the-art capabilities, ensuring that customers are always protected.

Verve Industrial Protection, 240 Blackfriars Road, London SE1 8NW

URL: http://www.verveindustrial.com

Email: EMEA@verveindustrial.com

LinkedIn: https://www.linkedin.com/company/rkneal

Phone: +44 (0) 7399 538967

Copyright Verve Industrial Protection 2017

RKNeal Orchestration Concept Published in ARC View

The risk of cyber incidents remains high for industrial plants and critical infrastructure. Many operators have invested in sophisticated cyber defenses, but most struggle to sustain them. Staffs are overwhelmed with the complexity of managing a never-ending stream of product patches and updates for a multitude of assets and security products.

Verve Security Center helps to cut through the confusion, minimize the effort and maximize accuracy and efficiency of an operational based cyber security program. Recently Verve worked with ARC to define and describe what has been coined an ‘orchestrated approach’ to cybersecurity. To read the full ARC view report click here.